<!doctype html>
<html lang="en">
<head>
	<meta charset="UTF-8">
	<title></title>
	<link rel="stylesheet" type="text/css" href="http://paranoid.net.cn/semantic.css" >
</head>
<body>
<section-title-en>3 SECURITY BACKGROUND</section-title-en>
<section-title-ch>3 安全背景</section-title-ch>
<p-en>
	Most systems rely on some cryptographic primitives for security. Unfortunately, these primitives have many assumptions, and building a secure system on top of them is a highly non-trivial endeavor. It follows that a system's security analysis should be particularly interested in what cryptographic primitives are used, and how they are integrated into the system.
</p-en>
<p-ch>
	大多数系统都依靠一些密码学基元来保证安全。不幸的是，这些基元有许多假设，在这些基元之上建立一个安全系统是一项非常不容易的工作。因此，系统的安全分析应该特别关注使用了哪些密码学基元，以及它们是如何集成到系统中的。
</p-ch>
<p-en>
	§3.1 and §3.2 lay the foundations for such an analysis by summarizing the primitives used by the secure architectures of interest to us, and by describing the most common constructs built using these primitives. §3.3 builds on these concepts and describes software attestation, which is the most popular method for establishing trust in a secure architecture.</p-en>
<p-ch>
	§3.1 和 §3.2 通过总结我们感兴趣的安全架构所使用的基元，并描述使用这些基元建立的最常见的构造，为这种分析奠定了基础。 §3.3 建立在这些概念的基础上，描述了软件证言，这是建立安全架构信任的最常用方法。
</p-ch>
<p-en>
	Having looked at the cryptographic foundations for building secure systems, we turn our attention to the attacks that secure architectures must withstand. Asides from forming a security checklist for architecture design, these attacks build intuition for the design decisions in the architectures of interest to us.
</p-en>
<p-ch>
	在看过构建安全系统的密码学基础之后，我们将注意力转向安全架构必须经受的攻击。除了形成架构设计的安全检查表外，这些攻击还为我们感兴趣的架构中的设计决策建立了直觉。
</p-ch>
<p-en>
	The attacks that can be performed on a computer system are broadly classified into physical attacks and software attacks. In physical attacks, the attacker takes advantage of a system's physical implementation details to perform an operation that bypasses the limitations set by the computer system's software abstraction layers. In contrast, software attacks are performed solely by executing software on the victim computer. §3.4 summarizes the main types of physical attacks.
</p-en>
<p-ch>
	对计算机系统进行的攻击, 大致可分为物理攻击和软件攻击。在物理攻击中，攻击者利用系统的物理实现细节，绕过计算机系统的软件抽象层设置的限制进行操作。而软件攻击则是单纯通过在受害计算机上执行软件来进行的。 §3.4总结了物理攻击的主要类型。
</p-ch>
<p-en>
	The distinction between software and physical attacks is particularly relevant in cloud computing scenarios, where gaining software access to the computer running a victim's software can be accomplished with a credit card backed by modest funds [157], whereas physical access is a more difficult prospect that requires trespass, coercion, or social engineering on the cloud provider's employees.
</p-en>
<p-ch>
	软件攻击和物理攻击之间的区别在云计算场景中尤为重要，在云计算场景中，只要有少量资金支持的信用卡，就可以实现对运行受害者的软件的计算机的软件访问[157]，而物理访问则是一个更困难的前景，需要对云提供商的员工进行非法入侵、胁迫或社会工程。
</p-ch>
<p-en>
	However, the distinction between software and physical attacks is blurred by the attacks presented in §3.6, which exploit programmable peripherals connected to the victim computer's bus in order to carry out actions that are normally associated with physical attacks.
</p-en>
<p-ch>
	然而，软件攻击和物理攻击之间的区别被§3.6中提出的攻击所模糊，它利用连接到受害计算机总线上的可编程外设来进行通常与物理攻击相关联的行为。
</p-ch>
<p-en>
	While the vast majority of software attacks exploit a bug in a software component, there are a few attack classes that deserve attention from architecture designers. Memory mapping attacks, described in §3.7, become a possibility on architectures where the system software is not trusted. Cache timing attacks, summarized in §3.8 exploit microarchitectural behaviors that are completely observable in software, but dismissed by the security analyses of most systems.
</p-en>
<p-ch>
	虽然绝大多数的软件攻击都是利用软件组件中的bug，但有几类攻击值得架构设计者关注。§3.7中描述的内存映射攻击，在系统软件不可信的架构上成为一种可能。§3.8中总结的缓存时序攻击，利用的是软件中完全可以观察到的微观架构行为，但被大多数系统的安全分析所忽略。
</p-ch>

</body>
</html>	